Oracle Critical Patch Update for July Contains 265 Fixes
Oracle fixes 265 vulnerabilities in July’s Critical Patch Update.
Contexte
On July 16, Oracle released its Critical Patch Update (CPU) for July 2019 as part of its quarterly release of fixes for vulnerabilities. This update contains fixes for 265 CVEs, according to the Oracle Advisory to CVE Map, across several Oracle products.
Analyse
Oracle’s July 2019 CPU contains 265 addressed CVEs across 25 products, and many of those vulnerabilities have a critical CVSS rating of 9.8. These critical vulnerabilities are unauthenticated remote code execution (RCE) vulnerabilities that could lead to full application takeover when exploited. Oracle's Risk Matrix page has full descriptions for all the patched vulnerabilities in this update.
This CPU also contains fixes for CVE-2019-2725 and CVE-2019-2729, which Tenable covered CVE-2019-2725 back in April and CVE-2019-2729 in June.
Solution
Customers are advised to apply all relevant patches provided by Oracle in this CPU. Please refer to the July 2019 advisory for full details.
Identification des systèmes affectés
A list of Nessus plugins to identify these vulnerabilities will appear here as they’re released.
En savoir plus
- Oracle Critical Patch Update Advisory - July 2019
- Oracle Advisory to CVE Map
- July 2019 CPU Risk Matrix Page
Rejoignez l'équipe SRT de Tenable sur Tenable Community.
Learn more about Tenable, the first Cyber Exposure platform for holistic management of your modern attack surface. Get a free 60-day trial of Tenable.io Vulnerability Management.
Articles connexes
Securing Financial Data in the Cloud: How Tenable Can Help
November 4, 2024Preventing data loss, complying with regulations, automating workflows and managing access are four key challenges facing financial institutions. Learn how Tenable can help.
Cybersecurity Snapshot: Apply Zero Trust to Critical Infrastructure’s OT/ICS, CSA Advises, as Five Eyes Spotlight Tech Startups’ Security
November 1, 2024Should critical infrastructure orgs boost OT/ICS systems’ security with zero trust? Absolutely, the CSA says. Meanwhile, the Five Eyes countries offer cyber advice to tech startups. Plus, a survey finds “shadow AI” weakening data governance. And get the latest on MFA methods, CISO trends and Uncle Sam’s AI strategy.
FY 2024 State and Local Cybersecurity Grant Program Adds CISA KEV as a Performance Measure
October 31, 2024The CISA Known Exploited Vulnerabilities (KEV) catalog and enhanced logging guidelines are among the new measurement tools added for the 2024 State and Local Cybersecurity Grant Program.